/*
 * NetLabel Management Support
 *
 * This file defines the management functions for the NetLabel system.  The
 * NetLabel system manages static and dynamic label mappings for network
 * protocols such as CIPSO and RIPSO.
 *
 * Author: Paul Moore <paul@paul-moore.com>
 *
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 *
 * This program is free software;  you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY;  without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
 * the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program;  if not, see <http://www.gnu.org/licenses/>.
 *
 */

#ifndef _NETLABEL_MGMT_H
#define _NETLABEL_MGMT_H

#include <net/netlabel.h>
#include <linux/atomic.h>

/*
 * The following NetLabel payloads are supported by the management interface.
 *
 * o ADD:
 *   Sent by an application to add a domain mapping to the NetLabel system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If IPv4 is specified the following attributes are required:
 *
 *     NLBL_MGMT_A_IPV4ADDR
 *     NLBL_MGMT_A_IPV4MASK
 *
 *   If IPv6 is specified the following attributes are required:
 *
 *     NLBL_MGMT_A_IPV6ADDR
 *     NLBL_MGMT_A_IPV6MASK
 *
 *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required.
 *
 * o REMOVE:
 *   Sent by an application to remove a domain mapping from the NetLabel
 *   system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *
 * o LISTALL:
 *   This message can be sent either from an application or by the kernel in
 *   response to an application generated LISTALL message.  When sent by an
 *   application there is no payload and the NLM_F_DUMP flag should be set.
 *   The kernel should respond with a series of the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *
 *   If the IP address selectors are not used the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If the IP address selectors are used then the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_SELECTORLIST
 *
 *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
 *   attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
 *   attributes are required.
 *
 * o ADDDEF:
 *   Sent by an application to set the default domain mapping for the NetLabel
 *   system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required.
 *
 * o REMOVEDEF:
 *   Sent by an application to remove the default domain mapping from the
 *   NetLabel system, there is no payload.
 *
 * o LISTDEF:
 *   This message can be sent either from an application or by the kernel in
 *   response to an application generated LISTDEF message.  When sent by an
 *   application there is no payload.  On success the kernel should send a
 *   response using the following format.
 *
 *   If the IP address selectors are not used the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If the IP address selectors are used then the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_SELECTORLIST
 *
 *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
 *   attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
 *   attributes are required.
 *
 * o PROTOCOLS:
 *   Sent by an application to request a list of configured NetLabel protocols
 *   in the kernel.  When sent by an application there is no payload and the
 *   NLM_F_DUMP flag should be set.  The kernel should respond with a series of
 *   the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 * o VERSION:
 *   Sent by an application to request the NetLabel version.  When sent by an
 *   application there is no payload.  This message type is also used by the
 *   kernel to respond to a VERSION request.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_VERSION
 *
 */

/*
 * NOTE(review): this header only names the commands; it does not show who may
 * send them.  ADD, REMOVE, ADDDEF and REMOVEDEF change the label mapping
 * policy, so confirm that the generic netlink operations table in the
 * implementation restricts them to privileged senders (e.g. GENL_ADMIN_PERM)
 * and that the "required attributes" listed above are enforced before any
 * attribute is dereferenced.
 */

/*
 * NetLabel Management commands
 *
 * Enumerators after the first take consecutive values, so the order below
 * fixes each command's number.  Presumably these numbers are what userspace
 * sends as the message command, in which case new commands belong
 * immediately before __NLBL_MGMT_C_MAX - TODO confirm against the
 * implementation.
 */
enum {
	NLBL_MGMT_C_UNSPEC = 0,
	NLBL_MGMT_C_ADD,
	NLBL_MGMT_C_REMOVE,
	NLBL_MGMT_C_LISTALL,
	NLBL_MGMT_C_ADDDEF,
	NLBL_MGMT_C_REMOVEDEF,
	NLBL_MGMT_C_LISTDEF,
	NLBL_MGMT_C_PROTOCOLS,
	NLBL_MGMT_C_VERSION,
	/* sentinel: one past the last command, not a command itself */
	__NLBL_MGMT_C_MAX,
};

/*
 * NetLabel Management attributes
 *
 * The comment that follows each enumerator gives the netlink attribute type
 * in parentheses and then the meaning of the payload.
 *
 * NOTE(review): the NLA_BINARY attributes are documented as carrying a
 * struct in_addr or struct in6_addr, but nothing in this header bounds their
 * size.  Confirm that the receiving code checks the attribute length against
 * the size of the expected structure before reading it, and that the
 * attribute policy bounds the NLA_NUL_STRING domain.
 */
enum {
	NLBL_MGMT_A_UNSPEC = 0,
	NLBL_MGMT_A_DOMAIN,
	/* (NLA_NUL_STRING)
	 * the NUL-terminated LSM domain string */
	NLBL_MGMT_A_PROTOCOL,
	/* (NLA_U32)
	 * the NetLabel protocol type (defined by NETLBL_NLTYPE_*) */
	NLBL_MGMT_A_VERSION,
	/* (NLA_U32)
	 * the NetLabel protocol version number (defined by
	 * NETLBL_PROTO_VERSION) */
	NLBL_MGMT_A_CV4DOI,
	/* (NLA_U32)
	 * the CIPSOv4 DOI value */
	NLBL_MGMT_A_IPV6ADDR,
	/* (NLA_BINARY, struct in6_addr)
	 * an IPv6 address */
	NLBL_MGMT_A_IPV6MASK,
	/* (NLA_BINARY, struct in6_addr)
	 * an IPv6 address mask */
	NLBL_MGMT_A_IPV4ADDR,
	/* (NLA_BINARY, struct in_addr)
	 * an IPv4 address */
	NLBL_MGMT_A_IPV4MASK,
	/* (NLA_BINARY, struct in_addr)
	 * an IPv4 address mask */
	NLBL_MGMT_A_ADDRSELECTOR,
	/* (NLA_NESTED)
	 * an IP address selector, must contain an address, mask, and protocol
	 * attribute plus any protocol specific attributes */
	NLBL_MGMT_A_SELECTORLIST,
	/* (NLA_NESTED)
	 * the selector list, there must be at least one
	 * NLBL_MGMT_A_ADDRSELECTOR attribute */
	/* sentinel: one past the last attribute, not an attribute itself */
	__NLBL_MGMT_A_MAX,
};
/* Highest valid attribute number (the sentinel minus one). */
#define NLBL_MGMT_A_MAX (__NLBL_MGMT_A_MAX - 1)

/*
 * NetLabel protocol functions
 *
 * Takes no arguments and returns an int.  Presumably this registers the
 * management interface and returns zero on success - TODO confirm against
 * the definition, which is not in this header.
 */
int netlbl_mgmt_genl_init(void);

/* NetLabel configured protocol reference counter (defined elsewhere) */
extern atomic_t netlabel_mgmt_protocount;

#endif /* _NETLABEL_MGMT_H */